Primer: Why (and how) to stop cryptojacking

Imagine sitting in your car in a drive-through, just after ordering a cup of coffee. As you wait for the barista to make your drink, a stranger opens your passenger door, reaches for the gas pedal, and floors it. Your car is burning gas quickly and could be sustaining damage to its engine.

Now imagine that the car is your computer, and the stranger is code running in your Web browser.

Congratulations, you’re a victim of cryptojacking, a relatively new method of mining cryptocurrency that involves harvesting an external device’s processing and electrical power to perform transaction-validating cryptographic calculations. As cryptojackers leech power from and compromise site visitors’ hardware, they line their pockets with portions of the bitcoin, litecoin, monero, ethereum, and other cryptocurrencies they mine.



Unlike carjacking, cryptojacking generally remains undetected for long periods of time, says David Pickett, a cybersecurity analyst at AppRiver. “Most people don’t know that it’s happening, and you can’t always tell that your resources are being sucked up,” he says.

“That’s what makes cryptojacking so tricky—you’re paying for it in electricity and stress on your hardware without realizing it, without approving it,” says Simon Bain, CEO of cybersecurity company BOHH Labs. “Because it’s clandestine, you don’t know whether cryptojacking stops when you leave the website or whether they’ve placed a cookie that will carry on once you’ve navigated away.”

Combine its nefarious applications today with its inherent stealthiness and rapid proliferation, and it’s easy to see why cryptojacking has become one of the hottest new topics in security circles.

Incidents of cryptojacking skyrocketed this fall, increasing nearly 300 percent between the beginning of October and end of November, and impacting an estimated one in five organizations in December.

Experts attribute this spike in large part to the September debut of a monero-mining cryptojacking script that relies on Web page loads rather than ads. The company behind the script, Web-based cryptominer Coinhive, later said in a blog post that its goal was “to offer a viable alternative to intrusive and annoying ads that litter so many websites today.”

Torrenting site The Pirate Bay was one of the first sites to surreptitiously experiment with Coinhive monero mining to raise funds. Hackers soon found ways to use Coinhive to stealthily profit off traffic to popular sites like those of Politifact, Starbucks, and CBS’ Showtime.

Visitors to those sites didn’t necessarily notice a major interruption. While being cryptojacked, however, they might have noticed that their system was running slower or hotter than usual—indications that something is siphoning your CPU, Pickett says.

Mobile security company Wandera found that a fully charged iPhone 7 with an open browser tab on a Coinhive-enabled webpage would be depleted in under two hours. Devices running these scripts could also get up to 68 degrees hotter than the recommended maximum temperature—a recipe for permanent damage.

On the other hand, Pickett says, “If someone wants to fly under the radar, they might kick it up to 75 percent instead of 100 percent” of your CPU. The more taxing a script is on your CPU, the more obvious and potentially damaging it is.

Following the launch of Coinhive’s script, and the resulting influx of malicious integrations and permutations, the company said it was “saddened” that site publishers had integrated it into pages “without disclosing to their users what’s going on, let alone asking for their permission.”

Despite the damaging consequences to consumers, Pickett says he anticipates more businesses embracing the revenue potential of cryptojacking.

“So long as cryptocurrency remains profitable, we’ll see [site publishers] try to legitimize it where maybe they’re not using everyone’s full power and allowing users to agree to it,” he says. “A lot of sites will increase their usage, and hide it in their terms of service or privacy policy that no one reads.”

How to stop cryptojacking

To combat the threat of cryptojacking, providers of antivirus software, ad blockers, browser extensions, and even browsers themselves have rolled out updates designed to detect and prevent cryptomining. These technologies will undoubtedly evolve, Pickett says, alongside cryptojacking.

Two of the popular browser extensions, No Coin and MinerBlock, maintain site blacklists, allow whitelisting, and alert users about any cryptomining activity they detect. Ad-blocking tools such as AdBlock Plus offer filters that block sites flagged for cryptojacking. And the latest release of the Web browser Opera integrates an anti-cryptomining ad blocker.
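
The blacklist, whitelist, and alert behavior described above can be sketched as follows. This is an added example, not code from No Coin, MinerBlock, or any other tool named here; the host names, list format, and function names are constructed for illustration. It matches on whole host names rather than substrings, so a look-alike such as notminer.example is not blocked by mistake.

```javascript
// Added illustration: constructed lists, not any real extension's data.
const BLOCKLIST = ["miner.example", "*.pool.example"]; // constructed host patterns
const ALLOWLIST = new Set(["opt-in-news.example"]);    // sites the user chose to allow

// Match a host name against an exact entry or a "*.suffix" wildcard entry.
// Comparing whole labels avoids the false positives of substring matching.
function hostMatches(host, pattern) {
  host = host.toLowerCase();
  pattern = pattern.toLowerCase();
  if (pattern.startsWith("*.")) {
    const suffix = pattern.slice(2);
    return host === suffix || host.endsWith("." + suffix);
  }
  return host === pattern;
}

// Decide what to do with a request that the page at pageUrl makes for requestUrl.
// Covers script loads (https:) and mining-pool connections (wss:) alike.
function evaluateRequest(pageUrl, requestUrl, blocklist = BLOCKLIST, allowlist = ALLOWLIST) {
  let pageHost, reqHost;
  try {
    pageHost = new URL(pageUrl).hostname;
    reqHost = new URL(requestUrl).hostname;
  } catch {
    return { action: "allow", reason: "unparseable URL", alert: false };
  }
  const hit = blocklist.find((p) => hostMatches(reqHost, p));
  if (!hit) return { action: "allow", reason: "not listed", alert: false };
  // A whitelisted page may still mine, but the user is told about it.
  if (allowlist.has(pageHost)) {
    return { action: "allow", reason: `page allowlisted (matched ${hit})`, alert: true };
  }
  return { action: "block", reason: `matched ${hit}`, alert: true };
}
```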

Besides installing software designed to detect or block cryptojacking scripts, Pickett advises being vigilant and responsive.

If your device suddenly slows, stalls, or runs hot when visiting a site, close your browser, and restart your device, Pickett says. If the script opens and hides a new window, restarting your device will stop it.